Meet Riot, a company in the current Y Combinator batch that wants to help you fight phishing attempts. Riot runs fake phishing campaigns against your employees. For example, your team members might receive an email saying that their Google Account has been deactivated, to see whether they can tell real email notifications from fake ones.
Securing your products and internal tools has never been easier, thanks to two-factor authentication, single sign-on, and access policies. And yet people remain the most important vulnerability. Many data breaches begin with the compromised account of one of your employees.
In other words, your company is only as secure as your least cautious employee. That is why it will be important in the coming years to educate your employees about security risks.
Riot is currently divided into three modules. First, you can set up fake phishing campaigns for your employees. You can select a frequency so that your employees receive a fake phishing attempt at least every 45 days, for example. Then you choose from a library of templates. Currently, Riot can send fake blocked-account notifications from Microsoft, Google, Dropbox or Slack, a fake new shared document notification from Google or Dropbox, and an unbranded voicemail notification.
“With the notification of the new voicemail, the person should have noticed that the email came from the noreply.link domain name,” said Riot founder and CEO Benjamin Netter.
Second, administrators get a dashboard showing how their employees are doing. You can see whether they weren't fooled, whether some of them clicked a link, and (worse) whether some of them entered a login and password. This lets you track progress over time or run frequent campaigns for some employees.
Third, your company can assign you a quick security training if you, as an employee, have failed a test. It looks like a chat interface with a few questions. It works on desktop and mobile devices and shouldn't take more than a few minutes. Short, effortless training should get the message across more effectively than boring webinars.
“The next step is fraud training for CEOs. I noticed that more and more. I spoke to a lot of people who said that assistants often receive emails from their managers asking them to buy 10 Amazon gift cards,” said Netter.
But CEO fraud could be worse. Some attackers send invoices to the accounting department and request a large transfer.
Riot could also offer more modules that go beyond training. For example, the startup could partner with an insurance company to negotiate better terms for a cyber security insurance product based on your Riot data.
Riot’s founder, Benjamin Netter, was previously the co-founder and CTO of October (formerly known as Lendix), one of the leading crowd lending platforms in Europe. He has experience in risk assessment.
The company is just getting started and has signed a handful of customers. Plans start at $200 a month for companies with up to 50 employees.